CVE-2021-29875

7.5 HIGH

📋 TL;DR

IBM InfoSphere Information Server 11.7 has an insecure third-party domain access vulnerability that could allow attackers to obtain sensitive information. This affects organizations running vulnerable versions of IBM InfoSphere Information Server. The vulnerability involves improper access controls to third-party domains.

💻 Affected Systems

Products:
  • IBM InfoSphere Information Server
Versions: 11.7
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects InfoSphere Information Server 11.7 specifically; other versions may not be affected. The vulnerability relates to third-party domain access controls.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exfiltrate sensitive business data, intellectual property, or personally identifiable information from the InfoSphere environment.

🟠 Likely Case

Unauthorized access to sensitive configuration data, metadata, or partial data exposure through third-party domain interactions.

🟢 If Mitigated

Limited or no data exposure with proper network segmentation and access controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of InfoSphere architecture and third-party domain configurations. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply fix pack or interim fix as specified in IBM advisory

Vendor Advisory: https://www.ibm.com/support/pages/node/6509616

Restart Required: Yes

Instructions:

1. Review IBM advisory at provided URL.
2. Download appropriate fix from IBM Fix Central.
3. Apply fix following IBM installation procedures.
4. Restart affected InfoSphere services.
5. Verify fix application.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Restrict network access to InfoSphere servers and third-party domains

Access Control Review (all platforms)

Review and tighten third-party domain access permissions

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate InfoSphere servers from untrusted networks
  • Monitor and audit all third-party domain access attempts and review access logs regularly

🔍 How to Verify

Check if Vulnerable:

Check IBM InfoSphere Information Server version and compare against affected versions in IBM advisory

Check Version:

Check version through InfoSphere administration console or consult IBM documentation for version verification commands

Verify Fix Applied:

Verify fix application through IBM InfoSphere administration console and check version information

📡 Detection & Monitoring

Log Indicators:

  • Unusual third-party domain access patterns
  • Unauthorized access attempts to sensitive endpoints

Network Indicators:

  • Unexpected outbound connections to third-party domains from InfoSphere servers

SIEM Query:

source_ip IN (InfoSphere_servers) AND dest_domain IN (third_party_domains) AND action='access'
